Inspired by my earlier accidental discovery that a FreeNAS 11.2 ISO written to a USB drive with Rufus will cause Windows 7 to BSOD, I got to wondering how well modern operating systems handle malformed filesystems. Windows, Linux, macOS, FreeBSD all fail.https://www.youtube.com/watch?v=r3MeifE2oFw …
-
Show this thread
-
Let's add ChromeOS to the list. And in this case, the technique was found via reading a man page. Yes, this is a known, documented behavior!pic.twitter.com/flYKRJuufS
2 replies 1 retweet 7 likesShow this thread -
Since this is public documented behavior, I see no reason to embargo this. I present for you a story in two parts. That's right, the untrusted filesystem itself gets to decide the kernel-level behavior "if" the filesystem contains an error. You will now panic because I said so.pic.twitter.com/7uA1gnnwfx
3 replies 10 retweets 22 likesShow this thread -
Not that this survey will necessarily sway me, but I'm curious about opinions: Publicly releasing a disk image that has filesystems that will panic virtually every OS will be:
2 replies 2 retweets 1 likeShow this thread -
I've given enough time for the linux folks to make a change to this behavior if they wanted. If you wish to test your systems for how they handle EXT2 filesystems that opt in to panic your OS, you can test out a "dd" disk image of such a filesystem here:https://github.com/wdormann/panic_fs …
1 reply 7 retweets 13 likesShow this thread -
Windows- and MacOS-crashing filesystem images added as well. They're not patched either, but I figure that over 9 months should have been enough time.https://github.com/wdormann/panic_fs …
1 reply 6 retweets 9 likesShow this thread -
Replying to @wdormann
I don't know how I missed these but thank you, I am going to irritate the stuffing out of my friends come con time! :)
1 reply 0 retweets 1 like -
Replying to @hackerfantastic
I think they might have fixed that particular Windows one. If I do conclude that that's the case, I supposed I'll just replace it with one of the still-crashing cases.
1 reply 0 retweets 1 like -
Replying to @wdormann
Good work, reminds me of the HFS+ fuzzing from MoAB :)
1 reply 0 retweets 1 like
If you want further details, I did a presentation on it last year: https://www.bsidespgh.com/2019#dormann Nothing terribly clever, but an interesting application of an old existing tool...
-
-
Replying to @wdormann
I've always valued and appreciated your work! Thank you for sharing!
0 replies 0 retweets 2 likesThanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.